Mobile Malware, Ransomware, Signed Binaries on the Rise, McAfee Finds

Mobile Malware, Ransomware, Signed Binaries on the Rise, McAfee Finds

by Sean Michael Kerner

Signed Malicious Binaries on the Rise

Malicious binaries increased over the course of 2013, particularly during the fourth quarter, McAfee Labs observed attackers digitally signing their code in an effort to trick users into thinking it was legitimate.

New Mobile Malware Still Growing

Mobile malware continues to be a growing concern, though McAfee Labs reported fewer new mobile malware samples in the fourth quarter of 2013 than during the fourth quarter of 2012.

Mobile Malware Wants to Know About You

Mobile malware has many different behaviors. The top behavior is to simply collect and send device telemetry and information without the mobile user's knowledge or authorization.

Ransomware Samples Doubled Year-Over-Year

Malware that holds users' devices hostage for ransom (hence the term "ransomware") became a significant problem in 2013. McAfee Labs reported that new ransomware samples doubled year-over-year in the fourth quarter.

New Rootkit Malware on the Decline

Not all forms of malware are growing. McAfee Labs reported that rootkit malwarewhich is activated at the time an operating system boots upis on the decline. In the fourth quarter, Rootkit malware declined 73 percent year-over-year.

Most Network Attacks Target the Browser

According to McAfee Labs, the leading targets for network-based attacks are Web-browser vulnerabilities.

The U.S. Is the Top Spam-Hosting Nation

When it comes to identifying the location of where phishing and spam Web addresses are located, the U.S tops the list.

Cutnet is the World's Top Spam Botnet

While the U.S. is the top nation for spam-hosting Web addresses, the Cutwall is the most prevalent spam botnet followed closely by Kelihos.

While multiple forms of malware continued to grow in 2013, some types declined, according to McAfee Labs' fourth-quarter security report, which was released March 10. Among key trends observed by McAfee Labs, an Intel company, is a rise in the use of signed binaries by malicious code. The original intent of signing binaries with some form of cryptographic certificate is to help ensure the authenticity and integrity of the underlying code. By using signed binaries, attackers are now leveraging the same tools that legitimate code developers employ. According to McAfee Labs, the use of signed binaries by malicious applications rose 52 percent year-over-year. That's 2.3 million new malicious applications, all digitally signed, in a bid to trick users into thinking the apps are legitimate and not harmful. The McAfee study also pointed to the continued growth of mobile malware, with 744,000 new mobile malware samples collected during the fourth quarter. Ransomware was another forms of malware on the increase; ransomware samples collected by McAfee Labs doubled in the fourth quarter. In this slide show, eWEEK examines key takeaways from the McAfee report.